My WordPress Site Was Hacked
My site was hacked today. Usually when someone says “my site’s been hacked,” the first response is, are you sure you didn’t screw something up yourself? Yes, I’m sure. Someone twittered that my tinyurl was showing a login page. Actually, for me it showed the install page below:
But I hadn’t been upgrading or installing anything. Something was definitely wrong.
I wondered if it was a hacker, so I searched the WordPress forums and found a post indicating a similar experience. Not only did my blog show the install screen rather than content, the wp_options table in the database also needed to be repaired.
I guess I’m used to not freaking out when things are broken. And just last week, I backed up my blog. So I was calm about it. Still, it surprised me that I didn’t start hyperventilating or getting even the least bit stressed. Maybe that’s a spinoff of having become a technical writer. Oh, it’s broken? Let’s see what seems to be the matter ….
Anyway, if you have the same hacked symptoms, here’s how you fix it:
- Enter your web host’s cPanel, click the MySQL database button, select the database for your blog, and then click the Repair Database button. This should fix the wp_options table and allow your site’s content to reappear, rather than the install screen.
- Log in to your site, click the Users tab, and delete any new admin users. I had someone in there with the email mdburke@maine.edu.
- Delete the 30+ new “Hello World” and “About” posts.
- Change your password to your site and web host to something much stronger.
That’s about it. I’m not sure what the hacker’s point was. I do have the latest version of WordPress (2.5.1).
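For hosts that give you phpMyAdmin or a MySQL prompt rather than the cPanel repair button, the same repair and review steps can be run as queries. This is an added example, not part of the original post; it assumes the default `wp_` table prefix and MyISAM tables, and it only reads data apart from the repair itself.

```sql
-- Added example (not from the original post).
-- Assumes the default "wp_" table prefix; change it if your install uses another.

-- 1. Check the options table, then repair it if CHECK reports a problem.
--    REPAIR TABLE applies to MyISAM tables; InnoDB does not support it.
CHECK TABLE wp_options;
REPAIR TABLE wp_options;

-- 2. List every account that holds the administrator role, newest first.
--    Roles are stored serialized in wp_usermeta under "<prefix>capabilities".
--    Any account you do not recognise is a candidate for removal
--    through the Users tab.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%administrator%'
ORDER BY u.user_registered DESC;

-- 3. Find the default "Hello world!" and "About" entries that reappeared.
--    post_author and post_date show which account created them and when.
SELECT ID, post_author, post_date, post_type, post_status, post_title
FROM wp_posts
WHERE post_title IN ('Hello world!', 'About')
ORDER BY post_date DESC;

-- 4. Count those entries per day to see when the burst of new content
--    started; that date is a useful starting point for reviewing
--    user registrations and server logs.
SELECT DATE(post_date) AS created_on, COUNT(*) AS default_entries
FROM wp_posts
WHERE post_title IN ('Hello world!', 'About')
GROUP BY DATE(post_date)
ORDER BY created_on DESC;
```

Take a database backup before running the repair, and do the deletions themselves from the WordPress admin screens as described above so related metadata is cleaned up with them.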
As a measure of prevention against future attacks, I installed the Ask Apache Password Protect Plugin, which was recommended in this WordPress Codex article on “Hardening WordPress.” Actually, this plugin turned out to be problematic. It locked me out of my admin panel completely. If this happens, just delete the new .htaccess file that appears in your wp-admin folder, and you should be able to log back into your site.
Oh Tom, that’s just terrible. Thanks for reminding me that I need to back up my fresh install. I’m glad to learn from others’ experiences.
Keep on writing.
Thanks for reminding me that I must back up my blog database.
Your blog is one of my preferred!
Tom, my blog had the same issue just an hour ago. I googled, and found your post here. Did what you wrote, except for the SQL repairing thing, I must query repair wp_options. But it did fix the problem though. Thanks for the advice! I did search for unusual user accounts with admin privilege but nothing found. I’m now trying to strengthen everything I could for the blog.
Thanks again!
Kelly, glad you were able to find this post and solve the problem. I noticed a couple weeks later that all my pages had become posts, but I don’t know if the problem was related to the hack at all. Still, you might want to check on that.
That sucks about getting hacked. Good thing you had a recent backup!
I had the same thing happen to one of my blogs. Looks like it was broken for about 24 hours before the hacker came back and added the account and pages.
I was running 2.6
oh I should get a blogger blog
nice info bro
Yes, it’s important to back up the data. Thank you very much for your post. I think Blogger is less prone to such hacks. Anyway, it’s better to have a backup.
I had the same problem for a brand new install (not update) of 2.6.2, but with no sign of any hacker.
I was interrupted during the install, having done everything except run the install script, so anyone going to the site would have been presented with the install script. I unwittingly left it like that for 12 hours! However, no one should know about the site and if they had run the script, then it wouldn’t have run for me (it would have said it had already been run). So, I’m pretty sure that my incident was just an installation error, not a hack attempt.
Anyway, repairing the table got me back on track. Thanks!
By the way, if you want to know how to fix the problem you had with the AskApache plugin, check the solution in my post (link should be picked up by CommentLuv at the bottom of this comment).
Stephen Cronin’s last blog post: Password Protecting The Wp-admin Folder
Hi Tom,
I am glad to hear you got your website fixed easily. I was hacked yesterday on WordPress. Can you help me? There are no other admin user emails in my Admin file.
I’m not sure what this means:
Enter your web host’s cPanel, click the MySQL database button, select the database for your blog, and then click the Repair Database button. This should fix the wp_options table and allow your site’s content to reappear, rather than the install screen.
I appreciate your help.
Same thing just happened to my site. This post was a tremendous help. Thanks!
This was some very helpful information. It’s a shame people take the time to hack someone’s site, especially if there is no “incentive” behind it.
I agree with you Sriki, it’s better to have back up with your files, hacking cannot be avoided nowadays, so better prepare.
Thanks!!! More or less the same thing happened to me right now. Strangely enough I didn’t panic also. I just started googling and yours was one of the first sites that came up. I followed your instructions and now everything is up and running again. Thank you so much!!!
Silasious, I’m glad you found my post helpful.
Tom, bonjour… Will this still be a problem with version 2.7 Security feature activated?
Does the blog we post to need to be around our niche in order to rank higher?
Thank you for this post, it saved me a reinstall!
I was working on a site for somebody, was in the middle of uploading a picture when the site timed out. Tried to re-enter the site, got page 404 for about an hour. After that I got directed to the wp-install screen, just like you here.
Followed your instructions and got it all back within 3 minutes. Thank you for that!
One thing though, mine was not hacked, I checked and there were no additional users entered or anything else suspicious. I assume the database must have gotten corrupted during the time-out while the page was reloading. But the fix worked wonders!
Marika
Thanks for the info.
I’m demented at the min. In work and just realized my WordPress site was hacked. Can’t wait to get home and fix it.
Thank you for this post…
I woke up to see my site in this state.. I was running the latest 2.7, and was able to get the site back online from your instructions…
Though I did have a few Hello world posts, I didn’t see additional users. Sort of a random bot hack?
W